Skip to content

feat: add envExclude option to filter environment variables for agents#190

Merged
subsy merged 1 commit intomainfrom
claude/investigate-issue-150-GAlhn
Jan 22, 2026
Merged

feat: add envExclude option to filter environment variables for agents#190
subsy merged 1 commit intomainfrom
claude/investigate-issue-150-GAlhn

Conversation

@subsy
Copy link
Owner

@subsy subsy commented Jan 22, 2026

Summary

  • Adds envExclude configuration option to filter environment variables before spawning agent processes
  • Supports exact match and glob patterns (e.g., *_API_KEY, *_SECRET)
  • Adds comprehensive documentation to the website

Test plan

  • Run bun run typecheck - passes
  • Run bun run build - passes
  • Run bun test src/plugins/agents/base.test.ts - 28 tests pass

Usage

# Top-level shorthand
agent = "claude"
envExclude = ["ANTHROPIC_API_KEY"]

# Or per-agent configuration
[[agents]]
name = "claude-max"
plugin = "claude"
envExclude = ["ANTHROPIC_API_KEY", "*_SECRET"]


<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **New Features**
  * Introduced environment variable exclusion configuration to control which environment variables are passed to agent processes.
  * Supports exact names and glob patterns (e.g., `*_API_KEY`) for flexible filtering.
  * Configurable at global, project, and per-agent levels.

* **Documentation**
  * Added comprehensive documentation on environment variable exclusion syntax and usage examples.

<sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub>

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Adds a new `envExclude` configuration option that allows filtering out
specific environment variables before they are passed to agent subprocesses.
This addresses issue #150 where ANTHROPIC_API_KEY from .env files was
being inherited by the Claude CLI, causing API credits to be used instead
of Max subscription auth.

Features:
- Support for exact match and glob patterns (e.g., "*_API_KEY", "*_SECRET")
- Available as top-level shorthand or per-agent in [[agents]] config
- Configurable in TOML config files

Example usage:
```toml
agent = "claude"
envExclude = ["ANTHROPIC_API_KEY"]
```

Fixes #150
@vercel
Copy link

vercel bot commented Jan 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
ralph-tui Ready Ready Preview, Comment Jan 22, 2026 1:23pm

Request Review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 22, 2026

Walkthrough

The pull request introduces an environment variable exclusion feature that allows users to specify which environment variables should be filtered out when spawning agent processes. This involves adding envExclude fields to configuration schemas and types, implementing glob pattern matching and environment filtering logic in BaseAgentPlugin, propagating the setting through the configuration merge system, and providing comprehensive test coverage and documentation.

Changes

Cohort / File(s) Summary
Configuration Schema & Types
src/config/schema.ts, src/config/types.ts, src/config/index.ts
Added envExclude?: string[] to StoredConfigSchema and StoredConfig interface; implemented propagation of envExclude through config merging in mergeConfigs; applied envExclude shorthand to default agent config in getDefaultAgentConfig.
Agent Plugin Implementation
src/plugins/agents/types.ts, src/plugins/agents/base.ts, src/plugins/agents/registry.ts
Extended AgentPluginConfig with optional envExclude field; implemented globMatch and filterEnvByExclude utility helpers; added envExclude property to BaseAgentPlugin and updated initialize/execute methods to read and apply environment variable filtering; propagated envExclude through plugin registry.
Test Coverage
src/plugins/agents/base.test.ts
Added comprehensive test suite for envExclude functionality, including initialization tests for storing patterns, execution tests for exact matches, glob patterns (\_API_KEY, \_SECRET), and key-specific filtering (ANTHROPIC_API_KEY); validates stdout filtering behaviour.
Documentation
website/content/docs/configuration/options.mdx
Added new Core Settings option for envExclude with type and default value; introduced dedicated "Environment Variable Exclusion" section covering purpose, use cases, shorthand and per-agent configurations, glob pattern syntax, and example TOML configurations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • subsy/ralph-tui#119: Modifies the same config merging and shorthand application logic (mergeConfigs and getDefaultAgentConfig) to propagate a top-level agent-related configuration setting into per-agent config.

Poem

🐰 Environment variables now have a filter fine,
Exclude the ones you don't want, let the others shine!
Glob patterns match with grace, secrets stay secure,
A rabbit hops with joy—the config's now more pure! 🌿✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding an envExclude option to filter environment variables for agents, which is reflected throughout the changeset.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Jan 22, 2026

Codecov Report

❌ Patch coverage is 77.08333% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.90%. Comparing base (84f1f6c) to head (f779607).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/config/index.ts 33.33% 6 Missing ⚠️
src/plugins/agents/base.ts 86.11% 5 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #190      +/-   ##
==========================================
+ Coverage   44.83%   44.90%   +0.06%     
==========================================
  Files          76       76              
  Lines       22029    22075      +46     
==========================================
+ Hits         9877     9913      +36     
- Misses      12152    12162      +10     
Files with missing lines Coverage Δ
src/config/schema.ts 94.69% <100.00%> (+0.09%) ⬆️
src/config/types.ts 100.00% <ø> (ø)
src/plugins/agents/registry.ts 50.20% <100.00%> (+0.20%) ⬆️
src/plugins/agents/base.ts 60.82% <86.11%> (+1.51%) ⬆️
src/config/index.ts 52.01% <33.33%> (-0.27%) ⬇️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@subsy subsy merged commit 1a0f4e3 into main Jan 22, 2026
9 checks passed
@subsy subsy deleted the claude/investigate-issue-150-GAlhn branch January 22, 2026 14:53
sakaman pushed a commit to sakaman/ralph-tui that referenced this pull request Feb 15, 2026
…GAlhn

feat: add envExclude option to filter environment variables for agents
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments